Eremiya
Verified User
Hello,
How to stop execution files in PHP with double extension (ex. somefile.php.txt and other)?
How to stop execution files in PHP with double extension (ex. somefile.php.txt and other)?
Security Bug. How to stop execution php in double extension
- Thread starter Eremiya
- Start date
Eremiya
Verified User
I just add this to httpd.conf:
<FilesMatch "\.(php|inc|php3|php4|phtml|php5)$">
Order allow,deny
Deny from all
</FilesMatch>
But PHP code in file somefile.php.txt has worked in browser.
<FilesMatch "\.(php|inc|php3|php4|phtml|php5)$">
Order allow,deny
Deny from all
</FilesMatch>
But PHP code in file somefile.php.txt has worked in browser.
Eremiya
Verified User
Did not help.
no, look at this http://www.directadmin.com/forum/showthread.php?t=17248
- Joined
- Feb 27, 2003
- Messages
- 8,437
Hello,
Thanks for pointing that out.
I've added the FilesMatch into the default httpd.conf for apache 1.3, as well as into the custombuild scripts with the dynamic config creations.
John
Thanks for pointing that out.
I've added the FilesMatch into the default httpd.conf for apache 1.3, as well as into the custombuild scripts with the dynamic config creations.
John